ada/RecordFlux-devutils
0
0
Fork 0
mirror of https://github.com/AdaCore/RecordFlux-devutils.git synced 2026-02-12 13:10:44 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
RecordFlux-devutils/linux
History
Corentin Machu 269060175b Update prebuilt kernel with wireguard support 
Ref. eng/recordflux/RecordFlux-devutils#16
2024-03-22 11:48:55 +01:00
..
config
Add wireguard in kernel config
2024-03-22 11:48:16 +01:00
init
Implement VM environment for unprivileged testing
2023-11-17 10:57:30 +00:00
kernel
Update prebuilt kernel with wireguard support
2024-03-22 11:48:55 +01:00
README.md
Implement VM environment for unprivileged testing
2023-11-17 10:57:30 +00:00
run
Implement VM environment for unprivileged testing
2023-11-17 10:57:30 +00:00
update_kernel.sh
Implement VM environment for unprivileged testing
2023-11-17 10:57:30 +00:00

README.md

This folder contains scripts and a Linux kernel binary to transparently run privileged commands as a user inside a virtual machine.

Usage

The linux/run script is the main entry point to the tool:

$ linux/run $(pwd) echo Hello World
Hello World

The first argument is the absolute path of the host working directory to be entered before the command is executed. The exit code of the run script matches the exit code of the command that was executed:

$ linux/run $(pwd) true; echo $?
0
$ linux/run $(pwd) false; echo $?
1

Instead of a command, a script or any other binary can be passed to run:

$ printf '#!/bin/bash\necho Hello World\nexit 42' > /tmp/myscript
$ chmod 755 /tmp/myscript
$ linux/run $(pwd) /tmp/myscript; echo $?
Hello World
42

Background

Commands are executed inside a Qemu virtual machine directly by the init script (linux/init). Consequently, all scripts are run as the root user and there are generally no limitations on what the executed command can do. The host file system is fully exposed to the guest VM using a 9P virtio root file system. That means, that paths in the guest match those in the host. However, access permissions still apply and files to be accessed in the virtual machine must be accessible by the user executing linux/run. The exit code of the script (or the exit code of init in case of errors), is passed back to Qemu using the special isa-debug-exit device. Note, that the kernel used in the virtual machine is stripped down to reduce binary size and build time and it may lack required features. See the section "Linux Kernel" on how to add new features and rebuild the kernel.

Prerequisites

The following packages are required on the host system to run the tool:

  • qemu-system-x86
  • xxd
  • iproute2

Linux Kernel

Configuration

A new kernel image can be created using the update_kernel.sh script. It requires the usual build dependencies as outlined in the Linux kernel documentation.

$ cd linux/
$ ./update_kernel.sh

To change the configuration interactively, set the MENUCONFIG environment variable:

$ cd linux/
$ MENUCONFIG=1 ./update_kernel.sh

The resulting files kernel and config contain the newly built Linux kernel and the updated configuration, respectivly. If you want to retain those changes, commit both files to the repository.

Update

A different kernel version can be built by setting the LINUX_URL environment variable to a download location of a .tar.xz archive of the Linux source tree. For a permanent upgrade, change the respective default in linux/update_kernel.sh

Limitations

  • The tool only works on x86_64
  • The screen is always cleared when executing run
Reference in New Issue View Git Blame Copy Permalink